-
Notifications
You must be signed in to change notification settings - Fork 30
LSPS2: JIT Channels. #22
LSPS2: JIT Channels. #22
Conversation
0fd471c
to
86008af
Compare
A difficulty is that one mitigation plans for bad clients is to suspend forwarding until the first payment (the one that pays for the channel open) is claimed, since the client really does have to pay for the inbound capacity service. In principle if that kind of mitigation was not a consideration, there would otherwise be no need for a |
Maybe the payment amount should be optional, allowing some clients to not provide it, while others who know the first payment amount can? In general, the whole "enter the amount you want to be paid" thing is pretty terrible UX, and relying on receivers to do that in order to receive funds really sucks. |
@TheBlueMatt writes
It kinda conflicts with the combination of the below:
If we can remove one or the other, then it becomes safe to completely remove
The Now you might point out that multipart payments with HTLCs allows the LSP to identify the parts of a single payment, but the intent is that in the future we will do PTLCs and that information will not be available to the LSP, so it would not be future-proof. That is actually what I was explaining in #22 (comment) but I guess I was writing that sleep-deprived so it is hard to understand. Of the two, I would be more willing to sacrifice the cannot-use-unless-paid mitigation than multipart, but Breez mentioned that and it would be better for you to discuss this with them somehow. |
TODO: consider a |
What if the LSP takes a fixed percentage of the htlc amount for every htlc until the settled fee is greater than or equal to the price of the channel? That could lead to overpaying the fee if there is multiple payments at once, but the client can choose to fail one of the payments if it feels it is overpaying. |
Updated: Explain LSP-trusts-client and client-trusts-LSP and why these are not compatible, use |
The LSP generates non-standard forwards, where the amount received | ||
by the client is smaller than specified in the onion; | ||
the client MUST accept the non-standard forward(s), provided they | ||
sum to at least `payment_size_msat - opening_fee`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should refer to lightning/blips#25 at least here, maybe other places also.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
blip-0025 is currently in draft state. Should we defer LSPS2 merge until after bLIP -0025 is merged?
d812a64
to
cbfb216
Compare
Updated: Removed references to LSPS3, strongly clarify that LSP-trusts-client allows client to wait 0, 1, 3, 6, 10000 confirms |
* SHOULD wait for payment parts of a single payment hash until all | ||
parts sum up to at least `payment_size_msat`. | ||
* MUST NOT fail with `mpp_timeout`, as the final hop is the client | ||
and that error is only allowed at the final hop. | ||
* MUST fail with `unknown_next_peer` if all parts have **NOT** | ||
summed up to at least `payment_size_msat` **AND** | ||
`opening_fee_params.valid_until` has passed. | ||
* MAY fail with `unknown_next_peer` if it receives too many payment | ||
parts. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@SeverinAlexB You can't explicitly return unknown_next_peer from LND (although the diff for that change would be trivial, similar to this breez/lnd@3bd3c78)
But a trick you can use is to forward the htlc without modifying. Because LND doesn't know the channel id, it will return unknown_next_peer.
cbfb216
to
26a745e
Compare
Updated: fix typos, add links to common-schemas. |
87ed947
to
326d297
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some more comments. Most importantly, there are still a lot of questions around the non-custom forward. A "Notes On Implementation" as we have it for LSPS0 would help a lot.
and needs to protect its funds, even though most of the time it is in | ||
"LSP trusts client" model. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and needs to protect its funds, even though most of the time it is in | |
"LSP trusts client" model. | |
and needs to protect its funds, even though most of the time it SHOULD be in | |
"LSP trusts client" model. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The intent is that this is a non-normative example, as noted in the previous line:
The LSP might do this for example if it detects it is being attacked
Thus, normative text like "SHOULD" would be inappropriate, as this is an example, not a prescription.
LSPS2/README.md
Outdated
### 0. API Version | ||
|
||
The client can determine the versions supported by the LSP via the | ||
`lsps2.getversions` call. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why method names with no underscore? This should be lsps2.get_version
. I don't understand why we whould use a different naming schema for methods compared to any other variables. Snake case everywhere.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shrug. not really motivated to change this. IMO bikeshed issue.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shrug. not really motivated to change this. IMO bikeshed issue.
This is not bikeshedding. We def. want to have a uniform API over all LSPS. I agree it doesn't really matter much which way to go as long it has the same format, but given we use snake case everywhere else we probably want to use this here also?
The LSP SHOULD provide a `valid_until` time that is at least 10 minutes from | ||
the current time. | ||
[<LSPS0.datetime>][] | ||
* `min_lifetime` is a number of blocks that the LSP promises it will keep the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lifetime is defined by the client in LSPS1. Here the lsp defines the lifetime. Should we add an optional min_lifetime
parameter so the client can determine the lifetime?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably ask at next meeting.
* SHOULD wait for payment parts of a single payment hash until all | ||
parts sum up to at least `payment_size_msat`. | ||
* MUST NOT fail with `mpp_timeout`, as the final hop is the client | ||
and that error is only allowed at the final hop. | ||
* MUST fail with `unknown_next_peer` if all parts have **NOT** | ||
summed up to at least `payment_size_msat` **AND** | ||
`opening_fee_params.valid_until` has passed. | ||
* MAY fail with `unknown_next_peer` if it receives too many payment | ||
parts. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking at this issue again, I don't believe LND is capable of a custom forward that differs from the amount defined in the onion. This is not good. I reached out to Alex.
Also, don't know about CLN. Our main requirement for this spec is to be compatible with the major implementations with the available API.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did another pass, mostly wording suggestions/nits.
LSPS2/README.md
Outdated
it has no inbound capacity, and the client cannot pre-buy this capacity | ||
(for instance, it also has no outbound capacity or on-chain funds). | ||
* The client determines the parameters of a particular LSP via a | ||
`lsps2.getinfo` request. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should really clarify whether we'll use snake_case
or not.
e290bae
to
70fdb14
Compare
Updated: Add support for funding batching on LSP side, require bLIP-0025 / |
70fdb14
to
06ae2b1
Compare
Updated: make method names |
06ae2b1
to
39e6493
Compare
Updated: Fix a typo in the example parameters for |
39e6493
to
62f3e05
Compare
Updated: fix conflict in |
@npslaney can you also tag Breez?
@cdecker